On Fri, 26 Mar 2021 at 16:47, Kevin Fenzi <[email protected]> wrote: > On Fri, Mar 26, 2021 at 09:34:49PM +0100, Tomasz Torcz wrote: > > Dnia Fri, Mar 26, 2021 at 03:26:53PM -0500, Brandon Nielsen napisał(a): > > > On 3/26/21 3:24 PM, Matthew Miller wrote: > > > > On Fri, Mar 26, 2021 at 02:48:39PM -0400, Christopher wrote: > > > [Snip] > > > > > * In many places, including accounts.fedoraproject.org, in order > to > > > > > log in, you have to append the OTP to your password, so it doesn't > > > > > really play nice with password managers. > > > > > > > > This is pretty common in my experience; it seems like password > managers > > > > should support this pattern. > > > > > > > > > > I can't say I have ever appended an OTP to a regular password, and I > use 2FA > > > everywhere I can. > > > > I second that. I've only seen OTP appending on FreeIPA's > > implementation of 2FA. Everywhere else it's first a normal password > > prompt, then second for 2FA code (or push notification to phone, which > > is way easier for user). > > Notification via sms is... not too secure. ;( > > Not counting the insecurity.. it was also expensive to run. Each send cost money and the software to do so was not opensource when we looked at it a while ago.
-- Stephen J Smoogen.
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
